Malware Analysis Report

2025-01-17 21:20

Sample ID 240603-n58cfsdg2s
Target a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe
SHA256 d42693e4a207d2c0c1c618424fd6ce301f8edc467106014f813aa1ed01a7e400
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

d42693e4a207d2c0c1c618424fd6ce301f8edc467106014f813aa1ed01a7e400

Threat Level: Shows suspicious behavior

The file a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary


Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 11:59

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 11:59

Reported

2024-06-03 12:02

Platform

win7-20231129-en

Max time kernel

61s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembukwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrohir.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqktgo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgaeou.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfwqlr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemajgws.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemcxjyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqempzpoh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemzuhyo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuxmwm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemmoooa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgcdya.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembikjj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwkoyh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemovczp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgvejc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembxiga.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemtlhll.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemozowm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjbsts.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqematumx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemvdyjd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemnrpog.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemiutmm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemaisrw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemsiubc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemnkyzi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemimcwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemcsjhp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuslzu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqempupwa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhiobd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemzefhn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemugjwt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemmvhbw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhxezc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemzlcee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrlews.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlniuq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgpmrw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemypojj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqenpm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemljurv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemduirv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemyempb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqtdud.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlvhrj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdnjcx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemvjhhz.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembukwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembukwh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrohir.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrohir.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqktgo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqktgo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgaeou.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgaeou.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfwqlr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfwqlr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemajgws.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemajgws.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemcxjyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemcxjyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqempzpoh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqempzpoh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemzuhyo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemzuhyo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuxmwm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuxmwm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemmoooa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemmoooa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgcdya.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgcdya.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembikjj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembikjj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwkoyh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwkoyh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemovczp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemovczp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgvejc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgvejc.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2912 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe
PID 2912 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe
PID 2912 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe
PID 2912 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe
PID 3048 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe
PID 3048 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe
PID 3048 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe
PID 3048 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe
PID 2608 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe
PID 2608 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe
PID 2608 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe
PID 2608 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe
PID 2572 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe
PID 2572 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe
PID 2572 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe
PID 2572 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe
PID 2504 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe
PID 2504 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe
PID 2504 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe
PID 2504 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe
PID 2156 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe
PID 2156 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe
PID 2156 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe
PID 2156 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe
PID 2692 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe
PID 2692 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe
PID 2692 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe
PID 2692 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe
PID 2968 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe
PID 2968 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe
PID 2968 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe
PID 2968 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe
PID 1616 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe
PID 1616 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe
PID 1616 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe
PID 1616 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe
PID 2332 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe
PID 2332 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe
PID 2332 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe
PID 2332 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe
PID 2432 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe
PID 2432 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe
PID 2432 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe
PID 2432 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe
PID 1996 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe
PID 1996 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe
PID 1996 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe
PID 1996 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe
PID 2260 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe
PID 2260 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe
PID 2260 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe
PID 2260 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe
PID 2264 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe
PID 2264 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe
PID 2264 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe
PID 2264 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe
PID 2880 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe
PID 2880 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe
PID 2880 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe
PID 2880 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe
PID 572 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe C:\Users\Admin\AppData\Local\Temp\Sysqembukwh.exe
PID 572 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe C:\Users\Admin\AppData\Local\Temp\Sysqembukwh.exe
PID 572 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe C:\Users\Admin\AppData\Local\Temp\Sysqembukwh.exe
PID 572 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe C:\Users\Admin\AppData\Local\Temp\Sysqembukwh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemphwnn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembrydl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembukwh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembukwh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrohir.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrohir.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqktgo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqktgo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgaeou.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgaeou.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfwqlr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfwqlr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemajgws.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemajgws.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcxjyn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcxjyn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempzpoh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempzpoh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzuhyo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzuhyo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuxmwm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuxmwm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmoooa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmoooa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgcdya.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgcdya.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembikjj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembikjj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwkoyh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwkoyh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemovczp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemovczp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgvejc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgvejc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembxiga.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembxiga.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtlhll.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtlhll.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemozowm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemozowm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjbsts.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjbsts.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqematumx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqematumx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvdyjd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvdyjd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnrpog.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnrpog.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiutmm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiutmm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaisrw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaisrw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsiubc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsiubc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnkyzi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnkyzi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemimcwg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemimcwg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcsjhp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcsjhp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuslzu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuslzu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempupwa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempupwa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhiobd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhiobd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzefhn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzefhn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemugjwt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemugjwt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmvhbw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmvhbw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhxezc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhxezc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzlcee.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzlcee.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrlews.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrlews.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlniuq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlniuq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgpmrw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgpmrw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemypojj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemypojj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqenpm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqenpm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemljurv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemljurv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemduirv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemduirv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyempb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyempb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqtdud.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqtdud.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlvhrj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlvhrj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdnjcx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdnjcx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvjhhz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvjhhz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqiarc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqiarc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfeizp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfeizp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvmuzo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvmuzo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemftyxg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemftyxg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrrpzu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrrpzu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoshmq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoshmq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzkxkd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzkxkd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdefsc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdefsc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqcauk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqcauk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqrxab.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqrxab.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemclehn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemclehn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempkykv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempkykv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfvvff.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfvvff.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwkvvk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwkvvk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjebkv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjebkv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemycikw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemycikw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemostsv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemostsv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiqjny.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiqjny.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvspdj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvspdj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrwlvq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrwlvq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjhynq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjhynq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgirat.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgirat.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtzldc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtzldc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembdvqm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembdvqm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlzoab.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlzoab.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkvigy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkvigy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxwpnj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxwpnj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemujkji.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemujkji.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemexlyy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemexlyy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembrhto.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembrhto.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrcdgx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrcdgx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtbjwv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtbjwv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlimba.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlimba.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqeminpbh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqeminpbh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqoobn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqoobn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzqdmb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzqdmb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsyfrg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsyfrg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemudjmv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemudjmv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgfpbg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgfpbg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgunzf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgunzf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqinwv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqinwv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempboop.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempboop.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfjiow.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfjiow.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemshdrf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemshdrf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfyxun.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfyxun.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmrwzk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmrwzk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemczqhr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemczqhr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwfgcu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwfgcu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlcgkz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlcgkz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemasnka.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemasnka.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnfezf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnfezf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkrase.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkrase.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzdxmo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzdxmo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcvocg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcvocg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrrwcs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrrwcs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwptsg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwptsg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjrzar.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjrzar.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemydfnv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemydfnv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnocae.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnocae.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcazfi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcazfi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsuwss.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsuwss.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrmxkm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrmxkm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhgtxv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhgtxv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemymtva.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemymtva.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemocfdh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemocfdh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiqryp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiqryp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaafqx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaafqx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemztgar.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemztgar.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsetbr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsetbr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxfbvh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxfbvh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjhhdt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjhhdt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmrzbl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmrzbl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembkwov.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembkwov.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemscgqc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemscgqc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdyhjk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdyhjk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxwqdm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxwqdm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfaare.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfaare.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkntzx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkntzx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwtltl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwtltl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrnqjd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrnqjd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgkyjq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgkyjq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdiejr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdiejr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqyzmz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqyzmz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrqmbe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrqmbe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemephem.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemephem.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemthbbe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemthbbe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgulrj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgulrj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxnwcr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxnwcr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemquyho.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemquyho.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemksocr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemksocr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwyfef.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwyfef.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwndkw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwndkw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoxice.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoxice.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwjphb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwjphb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrhisw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrhisw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqajkq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqajkq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembznhj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembznhj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfpscx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfpscx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvjopg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvjopg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempdtfg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempdtfg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcjlau.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcjlau.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembqjxo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembqjxo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqnrxa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqnrxa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtuyah.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtuyah.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdenkd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdenkd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzffxz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzffxz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhbplq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhbplq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhuqvk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhuqvk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtwwlv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtwwlv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtluqn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtluqn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgbptd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgbptd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemddhgz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemddhgz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemszhgl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemszhgl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsoeld.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsoeld.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfnzol.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfnzol.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrpbwr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrpbwr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgemwy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgemwy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlvrqu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlvrqu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemypxgf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemypxgf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdcroy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdcroy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempexwk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempexwk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsnotc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsnotc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkvqzz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkvqzz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuxgju.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuxgju.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjuojh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjuojh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemohhrs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemohhrs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemextzz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemextzz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtubzl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtubzl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemotujo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemotujo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgkwbu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgkwbu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyzuhe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyzuhe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtxnrz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtxnrz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemolubi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemolubi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdlooy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdlooy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyokmw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyokmw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempcjrg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempcjrg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhyzwr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhyzwr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdxahm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdxahm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvlrmx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvlrmx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnzprz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnzprz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemeogwk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemeogwk.exe"

C:\Windows\system32\wbem\WMIADAP.EXE

wmiadap.exe /F /T /R

C:\Users\Admin\AppData\Local\Temp\Sysqemzbwzt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzbwzt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrqmev.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrqmev.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkxora.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkxora.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembpyjo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembpyjo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxoruj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxoruj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemocizt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemocizt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgcsjz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgcsjz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembalcc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembalcc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtsnmh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtsnmh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlolrs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlolrs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgfekv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgfekv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemybvhy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemybvhy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqtxzl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqtxzl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlhmkm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlhmkm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdsacu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdsacu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvgqhe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvgqhe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempmgrf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempmgrf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlkzci.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlkzci.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemckauo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemckauo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuzzzy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuzzzy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqxsku.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqxsku.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhpuch.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhpuch.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzahup.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzahup.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrwgzs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrwgzs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjkxfc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjkxfc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfjqpx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfjqpx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwxoui.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwxoui.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoxqnv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoxqnv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgiefd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgiefd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemztrxd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemztrxd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrhico.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrhico.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemivhhy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemivhhy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembguay.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembguay.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtvlfj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtvlfj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoxpch.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoxpch.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgtnhr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgtnhr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxhenc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxhenc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqssfc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqssfc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemigqkm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemigqkm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdfjvh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdfjvh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsfuix.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsfuix.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnensa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnensa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcnzfp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcnzfp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxpdcn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxpdcn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsrhat.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsrhat.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkjjsy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkjjsy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzcfni.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzcfni.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemryekt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemryekt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmbiir.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmbiir.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemepznb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemepznb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzosfw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzosfw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrfuqk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrfuqk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyvnyr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyvnyr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlbxsf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlbxsf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqoqay.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqoqay.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfwkif.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfwkif.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzfdqd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzfdqd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkbeas.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkbeas.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemudtlf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemudtlf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhqlil.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhqlil.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjmolg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjmolg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyjolt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyjolt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemegttg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemegttg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqmkwu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqmkwu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvvsql.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvvsql.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkhpdu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkhpdu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemugctz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemugctz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhaijk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhaijk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemeyhjl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemeyhjl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwjubt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwjubt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemywxeo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemywxeo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemihnob.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemihnob.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkrmeu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkrmeu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdbaeb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdbaeb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcuaov.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcuaov.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempzsrk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempzsrk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjrlmh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjrlmh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyzxzw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyzxzw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembfljm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembfljm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqriwn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqriwn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtjzuf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtjzuf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemifhus.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemifhus.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnhqpi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnhqpi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemceypv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemceypv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxydfv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxydfv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmhork.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmhork.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuznsq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuznsq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjwvsd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjwvsd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemldjcs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemldjcs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtwgpc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtwgpc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsasnz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsasnz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfuyck.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfuyck.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfjoij.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfjoij.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrpfcy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrpfcy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwbykr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwbykr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmghfn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmghfn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlctcs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlctcs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyezsd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyezsd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemizsll.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemizsll.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemytoxu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemytoxu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuxsyt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuxsyt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnfudy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnfudy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjjqde.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjjqde.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzrbdd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzrbdd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwstqh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwstqh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlifyo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlifyo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemijplk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemijplk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvdvtv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvdvtv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsxzot.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsxzot.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemclrdj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemclrdj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcspib.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcspib.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemudcbi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemudcbi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqqybp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqqybp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjpagm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjpagm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoctof.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoctof.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaezer.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaezer.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemawiwl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemawiwl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnqoee.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnqoee.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhblbc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhblbc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzsutq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzsutq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhtttw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhtttw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzehme.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzehme.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemotqek.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemotqek.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdnmru.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdnmru.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdfnjo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdfnjo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemscvja.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemscvja.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemagyws.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemagyws.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempsujt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempsujt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhhspt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhhspt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzguhy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzguhy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemujyee.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemujyee.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoonhf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoonhf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemglemp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemglemp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyzdra.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyzdra.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtbhpy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtbhpy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemohozh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemohozh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjrsxf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjrsxf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemycpkp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemycpkp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnlawe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnlawe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjjtpz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjjtpz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsmjzu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsmjzu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiffmw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiffmw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhyofy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhyofy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxrlsh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxrlsh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemusvfd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemusvfd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempvzcb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempvzcb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgmbup.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgmbup.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembxfkv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembxfkv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemorlzg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemorlzg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemehxhn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemehxhn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembweig.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembweig.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemncvcu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemncvcu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkwrxs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkwrxs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzwcki.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzwcki.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcguaa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcguaa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrwniz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrwniz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemugfxr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemugfxr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmuddb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmuddb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvxufr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvxufr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnlsdt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnlsdt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvmrdi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvmrdi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnxfdq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnxfdq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkypil.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkypil.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcqraz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcqraz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhowqm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhowqm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxhsdo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxhsdo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrnjyr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrnjyr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgoulg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgoulg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdlblh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdlblh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnkfis.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnkfis.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemukbtg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemukbtg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempjulb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempjulb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjxxow.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjxxow.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembtwth.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembtwth.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmopeo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmopeo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemblxeb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemblxeb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqxuje.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqxuje.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfrreo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfrreo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnnbjf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnnbjf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemibrtg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemibrtg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcdnre.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcdnre.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxicbn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxicbn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempfbhy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempfbhy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkkiry.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkkiry.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfqpuz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfqpuz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwqzmn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwqzmn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrwhwv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrwhwv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmjwzw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmjwzw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjdjbs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjdjbs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembdtug.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembdtug.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwiaeh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwiaeh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemroqhp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemroqhp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmymen.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmymen.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgebow.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgebow.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembgfmu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembgfmu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqdfmh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqdfmh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqwoeb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqwoeb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfsoen.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfsoen.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqoppd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqoppd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemizcpc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemizcpc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcftkf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcftkf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrctks.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrctks.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwpmrl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwpmrl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoaakl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoaakl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemohxpc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemohxpc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemggzhp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemggzhp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembjdfv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembjdfv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemohyhe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemohyhe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemspdua.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemspdua.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemifocz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemifocz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfghpd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfghpd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemudhpp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemudhpp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemobxkk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemobxkk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgmkks.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgmkks.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemthrkf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemthrkf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemixlke.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemixlke.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfyvxi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfyvxi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvggfp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvggfp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempmxaj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempmxaj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqememqnz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqememqnz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempeftl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempeftl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembkpna.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembkpna.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqwkiq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqwkiq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaklyo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaklyo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuibaj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuibaj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhhwdr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhhwdr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempzddg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempzddg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemftaqp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemftaqp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjbfwg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjbfwg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembmlon.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembmlon.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyroom.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyroom.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqyqtr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqyqtr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkehwm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkehwm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaqdjv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaqdjv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemclglq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemclglq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrigld.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrigld.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemognte.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemognte.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdrkgn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdrkgn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyxabi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyxabi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnnmjp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnnmjp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemymqha.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemymqha.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemngncj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemngncj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemeqxer.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemeqxer.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxxajw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxxajw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcktrp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcktrp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrhbrb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrhbrb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemowizu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemowizu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemghnrc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemghnrc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiznhu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiznhu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhzkru.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhzkru.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuqgmx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuqgmx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmefsh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmefsh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembqcxl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembqcxl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtxecq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtxecq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlabns.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlabns.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsxbne.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsxbne.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmzcuc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmzcuc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiyvnf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiyvnf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrblim.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrblim.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhjfqt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhjfqt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoysin.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoysin.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgjgan.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgjgan.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemixjdi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemixjdi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyqfys.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyqfys.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqtuit.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqtuit.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzhuyr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzhuyr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemucznj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemucznj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmqytu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmqytu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdxyiz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdxyiz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtnjqf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtnjqf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemniogx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemniogx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdfwgk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdfwgk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmimbz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmimbz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzypdi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzypdi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwslyg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwslyg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrysbh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrysbh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqfplg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqfplg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjnsyl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjnsyl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlxjoe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlxjoe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaxcbt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaxcbt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvowei.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvowei.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemndvjt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemndvjt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjefww.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjefww.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzurev.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzurev.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtshzy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtshzy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembzcrs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembzcrs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsocpx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsocpx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiizch.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiizch.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemujsje.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemujsje.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmugkm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmugkm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemexumo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemexumo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiozhk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiozhk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemflfhd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemflfhd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemywtzl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemywtzl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcjmhe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcjmhe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvipvb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvipvb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmarxi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmarxi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemficcn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemficcn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjnnkh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjnnkh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwptas.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwptas.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemospku.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemospku.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdlmxv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdlmxv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemamwkz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemamwkz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnsofn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnsofn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmzlkf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmzlkf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemevcqp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemevcqp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuvwqq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuvwqq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjptda.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjptda.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemahwfh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemahwfh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqmeal.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqmeal.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqiqgi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqiqgi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfmygu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfmygu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxebdt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxebdt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempppwt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempppwt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmqhjx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmqhjx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzpclg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzpclg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnhwjp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnhwjp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfsjjx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfsjjx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcqijq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcqijq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvbwby.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvbwby.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempzmwa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempzmwa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwsjrk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwsjrk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzcagc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzcagc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemowxte.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemowxte.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvdsuy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvdsuy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlxpgi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlxpgi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnksjd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnksjd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemamyzo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemamyzo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuhdpo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuhdpo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjelpa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjelpa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoqxwu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoqxwu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemektjv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemektjv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdcccx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdcccx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvrtha.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvrtha.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemadmpt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemadmpt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtlpuy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtlpuy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemixuzc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemixuzc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxirul.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxirul.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzaike.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzaike.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmupap.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmupap.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuyzfy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuyzfy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjvhfl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjvhfl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqeminixn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqeminixn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembyvpn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembyvpn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsrysu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsrysu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiyrab.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiyrab.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkuucw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkuucw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcfide.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcfide.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzgsia.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzgsia.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemozodj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemozodj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemteikc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemteikc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemixfxm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemixfxm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfvmyf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfvmyf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvoisp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvoisp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfgnab.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfgnab.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuwhii.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuwhii.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtvwti.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtvwti.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjlqao.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjlqao.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembafgg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembafgg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfiktc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfiktc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxxkqg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxxkqg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempixjg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempixjg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmyejh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmyejh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzakys.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzakys.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwxjyl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwxjyl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgwvwe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgwvwe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemducwx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemducwx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnavtv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnavtv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkycto.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkycto.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzrygy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzrygy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrrjex.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrrjex.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgojmj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgojmj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqjihq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqjihq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdwrww.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdwrww.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfruzr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfruzr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsixci.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsixci.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrmjhe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrmjhe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhfguo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhfguo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembdwxj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembdwxj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemofcec.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemofcec.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiahuu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiahuu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemytehe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemytehe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqxssg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqxssg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemczyhr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemczyhr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzsquv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzsquv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmnakb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmnakb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmfjvv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmfjvv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtqhas.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtqhas.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkxhxp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkxhxp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemywais.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemywais.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzvoxq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzvoxq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemplzfw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemplzfw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmpvxv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmpvxv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemeaiyd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemeaiyd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmthqj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmthqj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyyzsg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyyzsg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtteay.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtteay.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiqmik.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiqmik.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkidyc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkidyc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxyyal.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxyyal.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzubdg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzubdg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemstdql.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemstdql.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmgqdt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmgqdt.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\Sysqemhvdma.exe

MD5 00390b21ee166e08f2090514889eaf85
SHA1 8c3af7fe063a8adff58da9f4819de442cac96276
SHA256 210b23948edf0f4eed432d03fb2c865566c18e22de8c2a33d34fb1d85fb4f0d1
SHA512 f8a5ebcac4c329d51aa5b8450f9b8d20c2fb3d9e4296d3e5eab3ee7a647e2e1b78de63898655400e7d028f2fc4e840d2680885d447c5de04313740760e39bcb9

C:\Users\Admin\AppData\Local\Temp\Sysqamqqvaqqd.exe

MD5 10dc39b8de0680bbfef33513788f3171
SHA1 0be98e4a935a9f058cfc2e08f07abf70a6b37621
SHA256 c292548611b3da745ad8a5d00dbab0128618c416c5d566593d16ed1d0f009e97
SHA512 76fca6a7a9eb42bbf84cde199a67c044ac408c937fd280bf85fc4e032c657dcad3f363efa55086293d6f3fac849b43405631d5c8ab5cb158323f8875f4e74e44

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 f3d8eeb75d3ff2eaffd215f48310a29c
SHA1 25a76f64f486b20702e31df96a0ae57ce255afb7
SHA256 6b1a98e7c6243c7faf8224ee908a4cc69ff655006daade49bf0e12244a3117f3
SHA512 862dbcafd380fb64dcb1ffab9f73335e9a253117a19fdd8ea0c3cc22a8f4a4ee820e00bbcd51baed19873d02081949448909ee864091ccdbd3362488898399bc

\Users\Admin\AppData\Local\Temp\Sysqemwzise.exe

MD5 2b506f16ec1146b795b7cabe904cabeb
SHA1 4980c4cd0b9fcdeebd6166411f9b0b41576d4c64
SHA256 56ce33cdfb52536270a89832f3e3f6bef943e34ac97491aa25aaf7c0fcf67e99
SHA512 80cf3e806cfe944f0a95cb08cbd0d61c097fc7306d8c76062f330c2d663915ea6a50c3b05cdfb4d9d5cc745617edda8743cd99219c7b9cad716541382374d231

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 5746c58bcf7502208db0f2d62adb8534
SHA1 4cbc9c575661c69f99266d44d3cb1995ee5b10f9
SHA256 c54484c65d49e966c1214e2a8482b4e0e213eee52de3ac79808211379da976cd
SHA512 2abba45c0b77fde247d172b83470e8ec5140c8dc72a674236ea233b31ae39edaa66708a9c9ffebc51489905d9794e9a00a6592097d2c20529640de6223630d6e

\Users\Admin\AppData\Local\Temp\Sysqemkuspk.exe

MD5 a1fdbb3db86da33e1d3c996809d56b40
SHA1 62ba1823cc4c3443b2251035a22b49de96078bb5
SHA256 0d264141059e992ef0f6f83c604708068887a7dd8d4d81c315c906b5d5760e2c
SHA512 c67f4c2d93517838e93f5aba6bb63c3759c078df6af0c5caf5ca045d96776a6481d9fee5fa04699a334209920a7ed908c48fe3f1d32e85a697cdeb41bbebb742

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 6218159346750cba4249c7bdffd94002
SHA1 0d15edc7e6c114c7c47e93ee3e6f8381c8ef242c
SHA256 ba13f9bf298dbde4d2baae3efb3d2ed5ab2425149b2152c829d83613451c8b79
SHA512 6489c139a26380243d62b565e60753fe91b9e7f14c4bebcfa05ff1edfe4fdb9b668d3f424d4b810e7e318ab327a27dd5c502d70addbc0c019d55f2c20756a52d

\Users\Admin\AppData\Local\Temp\Sysqemwghpp.exe

MD5 3df02cd831b9c4a3129eac0b8f6d7883
SHA1 9248eaf7646d62c438b84590c0319583cf6ceb2c
SHA256 03873446a1ef63ae18fb0a862398dc69079c09009fa345f3cb645ef9725b5213
SHA512 518beadf7befaabf574eb88c7d1a400cf1c29cea6fe62b816f1a29fe1632cfa3cf64ba4ff46f4f26cd7cbfe467ac9121ecce2cb04a41ca2b452bd49b0d8c1135

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 e9fdcc5ffd99fdbfa9671c76d8394fc3
SHA1 fe37000bc808b2e7a0dad247f95eed2a66ce5b08
SHA256 e1a01a00d19b2fc1fd1eb57b683010d5aa83c7ae8eace8b153d62c366bd63799
SHA512 ea0afeb757fc507649907096e60531a02df55a76083e3afcb309f269a01ba712e240efb63b044c8295bdb59d874d6dda8f40a46d5504b4eda2256a875ddb1e6d

\Users\Admin\AppData\Local\Temp\Sysqemdouij.exe

MD5 a661c35e7d4649cf9ba77eae6f746ea9
SHA1 637dd3ee51f47ae58ffa239c829a9eb83569d376
SHA256 4090d348e3a32063121434f8d4967169cb7ea055d19dff0529f8b0fafcc1e176
SHA512 4e6f4d8cc32aafc0f5115a3fc749c6ff5a88db4b1871d6a712305980660937f47cc7b062d2dfd914309d35f81d3c3c2fea44126e950f50f4d355c38ead1f03e4

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 d69ff00cb69ec1e224f60cd2418db79b
SHA1 401ae7ccad6c00a91ee0d74a208d2dd951849265
SHA256 f7ca62871fb4d7b6a8db6daa5108b0c85c2bbdf40c5512b4bdc1e2b72e168c42
SHA512 4dc044b430a86db9a6289c60c1f4b8f43b042cfbe082111632a9c968b6a2bc43ec286485abcf1b98c3754eecdc0458295326c5b44e800b096f635e2abe1fd3a7

\Users\Admin\AppData\Local\Temp\Sysqemfcgcy.exe

MD5 38ac9e64d00e41cf88429e1ebfe96b9b
SHA1 ad532b39854870a1a6874e8722c07316cd22bb34
SHA256 bb2768eda6f7c2b81b3d9e7aa58a1306612cea31d4780f6c5cad8e624bf02ae5
SHA512 273ef5f4165f5395c361bddcb99dd3ddddfd6d9f03b42f140faf42e032eec70b9d2b8a74fb6fb8d8f5109f2fe41754ce640147acfe226bced0608f6837db4dff

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 a418cde48224bd373b6e4f16640d170f
SHA1 30a9da6076d5e64fde0d0e36ed098e84949e7f0b
SHA256 b366ff306f2cdc0a959ef5f68c7ebfd1ba96127b06c40ea35ef0d80a39ab15ee
SHA512 ec6ccd36789bb8a3ab7a21e95fb65db68a31d80d7ba76ee96fb05fde392a674a427acb7fa96619072dfc2cbc44b5cb3daffa0f216cd16fc2e841aad2cee5d590

C:\Users\Admin\AppData\Local\Temp\Sysqemuvdpi.exe

MD5 76764a23a641ba4a8a2a48d2b74dd80f
SHA1 2e4de0bcc759f253cece07e8f7ad8bc524e3ba59
SHA256 f799655e870c11531ed913f98ef086af98edfb431e7ca72f4e88d9da8d935ef7
SHA512 ff254188596213676006040135e81baaaf7b7c672e45e93b777b59c465bdca2d770ce2e2eb792d5b5780323cc2422300f1b199c54d2e2181235578b77582afdc

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 53e848a61e5a0d95f91f8f6a0b5dbb86
SHA1 04627d7ca63eaf674c2b282add34b3787b1a666e
SHA256 74b7abc826991f3f5b496c67c6c7262f1734e99361180d6d03d5e58ca7be0113
SHA512 6107c0e294a769996d7ed839f24afdf62b8c46ca1bf0baedc47afa08deb6ccb6ac900d8897e2b0ae7befec00d289b482a48ec6587717e63e14255af679fb0566

\Users\Admin\AppData\Local\Temp\Sysqemshylg.exe

MD5 8237e8b1f6eba3bdc2f8dbd7f09cd3e9
SHA1 f8c74f3518b891fa9d959cde117e6e01bbf311fd
SHA256 58721066ffb31e73d2bd706c3822b46237eb306bd83ad254b91324afbb506dd4
SHA512 359c8c910d4e0a59ccecbc134937fc39c0bd69039a54f99e6ac3b4a46e2cbcdec74d73778d3448127b858fde693c25a0132a0dad3820ca01073d1ce32d55b1fc

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\Users\Admin\AppData\Local\Temp\Sysqemrazva.exe

MD5 da87515548a2a836ef80615175b6e7bb
SHA1 54e59f0caa5d07d66f0fd55b7c5dc1a63db1b98f
SHA256 4af3032792b904aa16fdb1b6d9fcce2e1e507b539a56c00092d91ccfcdac8552
SHA512 14599974258bcc6295094b8b75498736e65381f20d628676d444e3542983e7a84123be0784df333e4bd47f5c364fa3d581985bb68d0b9e7730cca8b5470cc084

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 71e3a1c01a578b8b60669b57cc151fc2
SHA1 4dcabd6b925381a1d5c38fc7bb30c00188ac17b4
SHA256 a8340a6637a15f976f9b90bfd124cc0a4645d43668a351841cf12fb862a58e21
SHA512 e365ae168567625895fed3016bdab6923cc34a960049f755a96163a978986b1f346e1cb935e8266b30ba85e261f70e13200f75aa6471aa69c9be47b513c6c532

\Users\Admin\AppData\Local\Temp\Sysqemgpinh.exe

MD5 0f9eebf7b689b99cfc38dcb43a41bf8e
SHA1 2f8706dc9786120374607ec78c836cb9e4d16e46
SHA256 5259ec26e97ae0f394183845b4e9a235de5cb1c9ab049512bccda81610c04c3f
SHA512 429ebd2c02d62693cdd18071565a5950f1a6980edd8dee78660dba2e323aab499b34275607ba1f0328dd7e9ee15fc82018daf9801f7720a75a218c4e6bf60273

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 4c90057d2145742069499087e49b2ee8
SHA1 6e611105cde213c65a9a17e44148c828737d624a
SHA256 3a53d4a415ccb5ec3781a1e28a3a61f76f243a2971e6b50dc8422d284788b8d7
SHA512 3be559dae233c208f90b3804eaa2a405fdb45bfcb048d285a82a26b67e4ab72d3915d394fb84446775bc854c113e509371bb5a5bba480bcd9b23f63b8bef4ac3

\Users\Admin\AppData\Local\Temp\Sysqemqayyu.exe

MD5 8b64ff4182a71d70421f133f165f0bf3
SHA1 fa005164095f598390b52f1c7fa62a34cd3f9c4c
SHA256 7e832b31475450aa684c3e949086a6831d65f5caeec827d42e4de48b0a1c170f
SHA512 9e7bdf2e90204a99342b6d0e6a2370564e232dd3edaa8504514892f7dfa51ba705fff317a73564699499489c6f9fda5c28acf6d53ca223b02ea1e4731101d503

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 97b994c24f3d37cfccbbc4168761d147
SHA1 1b467cbb129ae58f7151c1fa3330f113563da2e4
SHA256 1fe432c623f3ccea1d87cbf4af532050d8dc5c2bf83dd3216f9eb098e4c30e6c
SHA512 fdcff094cb8aea9675da4786c7e1e0dc7a59fb5487b62f1a12b5225c261e9331d3accac4637c717c10b628b8cdbb1d87030ad8a6397219ad9efee4dec55281b3

\Users\Admin\AppData\Local\Temp\Sysqemfmvdy.exe

MD5 4ca92d3bd14e75714e52009a055468de
SHA1 967a4d5064880600d63c403cbc990ec08d2c7bca
SHA256 bbf5e75c3cb448a278c3cfd3ab0e4b733a4e631dd2ad40e689b21305bbba09d7
SHA512 5583a32de32b58d868f0b330cd48476353a0f6a6d9fe8dfd6316e2f966ee3af31f64c812a3e9a6ce0e3e8e4ebbd13eee2b95f3fe8ec2ed3bdf992a0ba89db646

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 de9d700c2845d1820931ef8d0219dbe7
SHA1 7f5a27973b76235e6982d8607a1ec008c9d49123
SHA256 00abca164bfd1ff18d53a45f71c408f85b6155ac970b2c4bc1d3ff6481d476cc
SHA512 bf81ede190128b593f18c040a4d525d94a05ffb77c2103a74d1bb0c436703725dadc6279ec2c183eda5da473d7e1c7d86123f4f48ebbabf72e6c2cd9ceba35e2

memory/2360-1371-0x0000000077AA0000-0x0000000077BBF000-memory.dmp

memory/2360-1373-0x0000000002FC0000-0x0000000003C0A000-memory.dmp

memory/2360-1372-0x00000000779A0000-0x0000000077A9A000-memory.dmp

memory/2360-1374-0x0000000003430000-0x000000000407A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 11:59

Reported

2024-06-03 12:02

Platform

win10v2004-20240508-en

Max time kernel

90s

Max time network

110s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemjhkar.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemqwjrx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemolvxl.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemafhwe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemfjsod.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemviwvx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemqlyae.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemrlclf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemiziqg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemjgvmf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemebxwh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemgfulj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemmhojq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemycizy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemfxago.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemqixrh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemslhhe.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemmdfmi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqembmxup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemzgbsv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemtmczr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemzkrwj.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemafdev.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemlxrum.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemoaftn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemyfbjv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemvuzsc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemhqlrd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemojvtn.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemjauam.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemqhffx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemmayhw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemvsfja.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemizqaz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemcnwwa.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemvutrs.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemrmsub.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemnhgln.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemhebht.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemhjdfp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemiuenx.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemttnil.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemworyr.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemltpiu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemqhfus.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemjfloz.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemgmgcv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemtrhyo.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemnmwmu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemqttiw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemnafyv.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemghvqh.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemiowwg.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemgnjra.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemmrdux.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemdxeli.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhjdfp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjuntm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemtmczr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemeeswv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemoalpl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemycizy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhokzh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemolvxl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemghvqh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemoivvh.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemoaegb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemoaftn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqembcmok.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlnleq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemexzjk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemiowwg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgtdrr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqhfus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjauam.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlcsqs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemtdsvl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemyfbjv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemoyhjq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemaezry.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgnjra.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemladff.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlpcpi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemttnil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemworyr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemvsfja.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemafhwe.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlemzb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdxbfu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemizqaz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqhffx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemvuzsc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemtrhyo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfxago.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemnmwmu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemvutrs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqijhm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemymuap.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemdcsax.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemvcdyw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemqejaf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sysqemfjsod.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemladff.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemanbgq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemnrkyv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemzrene.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemhjdfp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemtrhyo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemnzhtw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemyomlg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqembmxup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemdcsax.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemqgedb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemdxbfu.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemjfloz.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemoopyi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemqkmkm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemjditd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemdrkan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemltpiu.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemcnwwa.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemikneo.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemiziqg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemrdrfj.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemzkrwj.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemdxeli.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemtmczr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemqlyae.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemxatga.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemgihon.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemexzjk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemqixrh.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemozztq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemibnmf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemtdsvl.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemafhwe.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemnhgln.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemeiwwq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemjhkar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemghvqh.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemfdxon.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemlxrum.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqembcmok.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemlpcpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemnubhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemkodpi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemzhwkx.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemdmbfj.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemlemzb.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemrlclf.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemziafn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemttnil.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemworyr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemhqlrd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemmdfmi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemaezry.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemhvlyq.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\Sysqemepejg.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1220 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe
PID 1220 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe
PID 1220 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe
PID 1384 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe
PID 1384 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe
PID 1384 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe
PID 1848 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe
PID 1848 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe
PID 1848 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe
PID 2024 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe
PID 2024 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe
PID 2024 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe
PID 1520 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe
PID 1520 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe
PID 1520 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe
PID 3080 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe
PID 3080 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe
PID 3080 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe
PID 2248 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe
PID 2248 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe
PID 2248 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe
PID 4416 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe
PID 4416 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe
PID 4416 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe
PID 1508 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhokzh.exe
PID 1508 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhokzh.exe
PID 1508 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe C:\Users\Admin\AppData\Local\Temp\Sysqemhokzh.exe
PID 2300 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhjdfp.exe C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe
PID 2300 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhjdfp.exe C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe
PID 2300 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemhjdfp.exe C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe
PID 4412 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe
PID 4412 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe
PID 4412 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe
PID 4044 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe
PID 4044 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe
PID 4044 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe
PID 4296 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe
PID 4296 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe
PID 4296 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe
PID 1460 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe
PID 1460 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe
PID 1460 wrote to memory of 4056 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe
PID 4056 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe
PID 4056 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe
PID 4056 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe
PID 4664 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe
PID 4664 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe
PID 4664 wrote to memory of 2344 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe
PID 2344 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe
PID 2344 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe
PID 2344 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe
PID 2604 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe
PID 2604 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe
PID 2604 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe
PID 1104 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe
PID 1104 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe
PID 1104 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe
PID 4960 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe C:\Users\Admin\AppData\Local\Temp\Sysqemjuntm.exe
PID 4960 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe C:\Users\Admin\AppData\Local\Temp\Sysqemjuntm.exe
PID 4960 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe C:\Users\Admin\AppData\Local\Temp\Sysqemjuntm.exe
PID 4388 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjuntm.exe C:\Users\Admin\AppData\Local\Temp\Sysqemtmczr.exe
PID 4388 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjuntm.exe C:\Users\Admin\AppData\Local\Temp\Sysqemtmczr.exe
PID 4388 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemjuntm.exe C:\Users\Admin\AppData\Local\Temp\Sysqemtmczr.exe
PID 4408 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\Sysqemtmczr.exe C:\Users\Admin\AppData\Local\Temp\Sysqemeeswv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2ab172f447cc8a6c48d7ae951964120_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhjdfp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhjdfp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyvawb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjuntm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjuntm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtmczr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtmczr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemeeswv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemeeswv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoalpl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoalpl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemycizy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemycizy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhokzh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhokzh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemolvxl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemolvxl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemghvqh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemghvqh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoivvh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoivvh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoaegb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoaegb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoaftn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoaftn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembcmok.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembcmok.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlnleq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlnleq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemexzjk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemexzjk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiowwg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiowwg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgtdrr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgtdrr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqhfus.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqhfus.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjauam.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjauam.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlcsqs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlcsqs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtdsvl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtdsvl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyfbjv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyfbjv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoyhjq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoyhjq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaezry.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaezry.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgnjra.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgnjra.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemladff.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemladff.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlpcpi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlpcpi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemttnil.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemttnil.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemworyr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemworyr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvsfja.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvsfja.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemafhwe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemafhwe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlemzb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlemzb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdxbfu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdxbfu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemizqaz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemizqaz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqhffx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqhffx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvuzsc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvuzsc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtrhyo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtrhyo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfxago.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfxago.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnmwmu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnmwmu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvutrs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvutrs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqijhm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqijhm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemymuap.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemymuap.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdcsax.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdcsax.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvcdyw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvcdyw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqejaf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqejaf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfjsod.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfjsod.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqixrh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqixrh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfrrji.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfrrji.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfyoog.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfyoog.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemddnky.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemddnky.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdexhe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdexhe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqgedb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqgedb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiuenx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiuenx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemviwvx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemviwvx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfdxon.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfdxon.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnzhtw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnzhtw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyomlg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyomlg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemikneo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemikneo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemanbgq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemanbgq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemafdev.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemafdev.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnehup.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnehup.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsrbhu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsrbhu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqlyae.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqlyae.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkcadt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkcadt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiziqg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiziqg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsdxgt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsdxgt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcnwwa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcnwwa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnubhw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnubhw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemslhhe.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemslhhe.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrdrfj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrdrfj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemncmns.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemncmns.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnrkyv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnrkyv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrlclf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrlclf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhqlrd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhqlrd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmdfmi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmdfmi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemklrsp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemklrsp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemziafn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemziafn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhvlyq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhvlyq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnhgln.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnhgln.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemepejg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemepejg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxatga.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxatga.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjfloz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjfloz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjgvmf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjgvmf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemufipj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemufipj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembmxup.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembmxup.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxioyn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxioyn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemebxwh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemebxwh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrhqwh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrhqwh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwukrm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwukrm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhebht.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhebht.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmrdux.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmrdux.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkodpi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkodpi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjhkar.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjhkar.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtsbyp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtsbyp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemojvtn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemojvtn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgfulj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgfulj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjmkbk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjmkbk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmhojq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmhojq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmayhw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmayhw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrmsub.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrmsub.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzrene.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzrene.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzgbsv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzgbsv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhvpfh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhvpfh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemozztq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemozztq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoopyi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoopyi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwpoyw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwpoyw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzkrwj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzkrwj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemeiwwq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemeiwwq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemohkzm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemohkzm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzhwkx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzhwkx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgwkid.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgwkid.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqkmkm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqkmkm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdmbfj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdmbfj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrzmjb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrzmjb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjditd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjditd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgihon.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgihon.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqwjrx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqwjrx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemymgpv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemymgpv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgmgcv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgmgcv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdrkan.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdrkan.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqttiw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqttiw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvryid.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvryid.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemitgea.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemitgea.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwgyza.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwgyza.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvwvey.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvwvey.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemibnmf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemibnmf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlxrum.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlxrum.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvwefi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvwefi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdxeli.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdxeli.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemltpiu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemltpiu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnafyv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnafyv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembyjop.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembyjop.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemivuma.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemivuma.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdxzpk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdxzpk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqodku.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqodku.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembgtvl.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembgtvl.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemioqar.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemioqar.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvfmnt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvfmnt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnqatn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnqatn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxplrm.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxplrm.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdcger.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdcger.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemawces.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemawces.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemncvfs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemncvfs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfyvxo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfyvxo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemncgqr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemncgqr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvgriu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvgriu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaxxjc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaxxjc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvzdeg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvzdeg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfnfhp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfnfhp.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiuuxq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiuuxq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemselmp.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemselmp.exe"

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Users\Admin\AppData\Local\Temp\Sysqemqzqnz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqzqnz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqccfn.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqccfn.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempvdqh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempvdqh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsnsvu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsnsvu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemardid.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemardid.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkjsgq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkjsgq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsncta.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsncta.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzjfyr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzjfyr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemigatv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemigatv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemscted.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemscted.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcbfbv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcbfbv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfimmk.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfimmk.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemsvdcq.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemsvdcq.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcqemy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcqemy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxemcs.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxemcs.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaomak.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaomak.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemknqxv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemknqxv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvbupx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvbupx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemcgfdo.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemcgfdo.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnbfnw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnbfnw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemxxgxd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemxxgxd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemkkqvj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemkkqvj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemumfye.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemumfye.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfbsqg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfbsqg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemubeqh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemubeqh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemnjqts.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemnjqts.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempxujy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempxujy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaawza.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaawza.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqempxfny.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqempxfny.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemaespu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemaespu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwybde.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwybde.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjaryj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjaryj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrqfdh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrqfdh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemesuye.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemesuye.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhycon.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhycon.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhcohb.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhcohb.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemuedcy.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemuedcy.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmdgax.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmdgax.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmeqxd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmeqxd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemzgxsa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemzgxsa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemrgaqz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemrgaqz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemfttty.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemfttty.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmaqrw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmaqrw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemeeeby.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemeeeby.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjnvka.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjnvka.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemwepmx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemwepmx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembuvnf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembuvnf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemppoiw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemppoiw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemugtie.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemugtie.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemmclta.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemmclta.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemugwlv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemugwlv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembzeee.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembzeee.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlcvud.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlcvud.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhmaxu.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhmaxu.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgqnhd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgqnhd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjaoko.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjaoko.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgywqt.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgywqt.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembenyh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembenyh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemhctth.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemhctth.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjqvwi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjqvwi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembpyuh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembpyuh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqjwuc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqjwuc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgofaa.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgofaa.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlxwic.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlxwic.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqncik.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqncik.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgwqgw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgwqgw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemglorh.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemglorh.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjrehi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjrehi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjvrsr.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjvrsr.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdbqaf.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdbqaf.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemlupam.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemlupam.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqdyvc.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqdyvc.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemyslio.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemyslio.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemjomsw.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemjomsw.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemtnqyg.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemtnqyg.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgxxbj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgxxbj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemoestd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemoestd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemywiyi.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemywiyi.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemybklz.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemybklz.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemgfurj.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemgfurj.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemiliby.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemiliby.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqpuub.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqpuub.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqembohxx.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqembohxx.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemqtikv.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemqtikv.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemvkokd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemvkokd.exe"

C:\Users\Admin\AppData\Local\Temp\Sysqemdkwqd.exe

"C:\Users\Admin\AppData\Local\Temp\Sysqemdkwqd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.185:443 www.bing.com tcp
US 8.8.8.8:53 185.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
NL 23.62.61.185:443 www.bing.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Sysqemjeldi.exe

MD5 00390b21ee166e08f2090514889eaf85
SHA1 8c3af7fe063a8adff58da9f4819de442cac96276
SHA256 210b23948edf0f4eed432d03fb2c865566c18e22de8c2a33d34fb1d85fb4f0d1
SHA512 f8a5ebcac4c329d51aa5b8450f9b8d20c2fb3d9e4296d3e5eab3ee7a647e2e1b78de63898655400e7d028f2fc4e840d2680885d447c5de04313740760e39bcb9

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 b8a4480e477244945ff7a97d895de1d7
SHA1 cfb90920d4fe9d3f3e5553438a561db361ee8ce7
SHA256 e78ace788743425c50b2e2eedac11a0c0798a4d15031ff7b3ad25e262a886dde
SHA512 7e271a633999bb3880acee65d0c2efdb49b6d557f824b3efa59d5ef50d69b988ffa11e0e6bbaf1a630aa17fba19302da52ccdfcb8385cc347260c111c962f01f

C:\Users\Admin\AppData\Local\Temp\Sysqamqqvaqqd.exe

MD5 352a149006ad2e188b061c7887ad4d61
SHA1 5490aba79d4edf3d40e2e514ff8869382c91faec
SHA256 1f217e122ee58a8ed1c1a62a3dd761581f1b3dab3c9c5f40a709337359389748
SHA512 80f310f52d03703295885c52d78bda11c72805319cf8336f8141a5672f1436189f33012fdd2a1342e7a0431d84a79988cb1bce55ec742928a395a40f4d605f4b

C:\Users\Admin\AppData\Local\Temp\Sysqemcpzjc.exe

MD5 2b506f16ec1146b795b7cabe904cabeb
SHA1 4980c4cd0b9fcdeebd6166411f9b0b41576d4c64
SHA256 56ce33cdfb52536270a89832f3e3f6bef943e34ac97491aa25aaf7c0fcf67e99
SHA512 80cf3e806cfe944f0a95cb08cbd0d61c097fc7306d8c76062f330c2d663915ea6a50c3b05cdfb4d9d5cc745617edda8743cd99219c7b9cad716541382374d231

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 263a0acfffd22e50c9cfa9411ef65ebc
SHA1 b2334056e9baae7c92bbc50044e63dea05c89543
SHA256 f247c8e6a47ebe1f6469f52fa85c2ed8eaebae7ec8c6cc703db035ea0d9c1b9f
SHA512 4cbcbd0a62bf1c3fbb406c127169e3de8515dd3ce73e8d847d8137a65a8549627e91d640a16893d7f2de785fcce92d994d9a83eff7202868bfba44876e8301ec

C:\Users\Admin\AppData\Local\Temp\Sysqemwjeru.exe

MD5 a1fdbb3db86da33e1d3c996809d56b40
SHA1 62ba1823cc4c3443b2251035a22b49de96078bb5
SHA256 0d264141059e992ef0f6f83c604708068887a7dd8d4d81c315c906b5d5760e2c
SHA512 c67f4c2d93517838e93f5aba6bb63c3759c078df6af0c5caf5ca045d96776a6481d9fee5fa04699a334209920a7ed908c48fe3f1d32e85a697cdeb41bbebb742

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 de63f5dc811522ce522f55fc5077ff85
SHA1 fed197356095e29e8f0582358ee4eb60fbf92ab9
SHA256 b76d11c223c94196bcf21376bf36197d97654e95d08e63ab07923f7c1a0d1745
SHA512 3409aeccc6cc6bfc07fb91bd87a3abc7d6374e7361a127819bd19e05a0f53b141abbe785e3bae468f1ebee4b8a138ff566aa6793b90a445505a120769c9df006

C:\Users\Admin\AppData\Local\Temp\Sysqembtumk.exe

MD5 3df02cd831b9c4a3129eac0b8f6d7883
SHA1 9248eaf7646d62c438b84590c0319583cf6ceb2c
SHA256 03873446a1ef63ae18fb0a862398dc69079c09009fa345f3cb645ef9725b5213
SHA512 518beadf7befaabf574eb88c7d1a400cf1c29cea6fe62b816f1a29fe1632cfa3cf64ba4ff46f4f26cd7cbfe467ac9121ecce2cb04a41ca2b452bd49b0d8c1135

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 63904418b86a0c5f60901015085f4276
SHA1 0a435c728b020c077f15b9036a9d3d589d94b647
SHA256 214bc3dd33c12f7e8bef624d0bcb1be4cf80b1f544382be462345a01374bcab5
SHA512 d0a4a0d508cd6a4981371ab805c4daf53f2bd52685e055aa9325d327c11321beab96df558062bfcddb3d9f8b8ce43c1d3ce4db8d72726cea18ad5da42b279e97

C:\Users\Admin\AppData\Local\Temp\Sysqemhfgpv.exe

MD5 a661c35e7d4649cf9ba77eae6f746ea9
SHA1 637dd3ee51f47ae58ffa239c829a9eb83569d376
SHA256 4090d348e3a32063121434f8d4967169cb7ea055d19dff0529f8b0fafcc1e176
SHA512 4e6f4d8cc32aafc0f5115a3fc749c6ff5a88db4b1871d6a712305980660937f47cc7b062d2dfd914309d35f81d3c3c2fea44126e950f50f4d355c38ead1f03e4

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 181fd4f58faf80685e38cb0141869dd5
SHA1 44e8149339446a86a81f70c944d88d67f826f213
SHA256 bd57833988eef651666c867e6db25fdbc1f937bcff7dd3b58088f12ce55ddbf3
SHA512 888ed0aa6f04c221544342d9fb6e8d2bbba88f078bcc2612a91e2d2f2f8a5b1f18443025447f61c76c6a4f3c1645e98da507c04bf61573f07e68bab31f4583d9

C:\Users\Admin\AppData\Local\Temp\Sysqemmsaxg.exe

MD5 38ac9e64d00e41cf88429e1ebfe96b9b
SHA1 ad532b39854870a1a6874e8722c07316cd22bb34
SHA256 bb2768eda6f7c2b81b3d9e7aa58a1306612cea31d4780f6c5cad8e624bf02ae5
SHA512 273ef5f4165f5395c361bddcb99dd3ddddfd6d9f03b42f140faf42e032eec70b9d2b8a74fb6fb8d8f5109f2fe41754ce640147acfe226bced0608f6837db4dff

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 7bd497bdbf1b977a2dd5aa1f26d1e93a
SHA1 652c037fb26c6537777c2de3e0ba47f664170395
SHA256 4bfdeb270af3f3f6544e6188aaf16fbca184b2c6ec195f12ed4317620a2f0511
SHA512 6fc42726d4edac8f4bc5062f3f4d57f83f9dc24fdba5bf5d1f52ba013901d4aae992132ac876c19bf5154184762d3b08e7c3632b201a44a2cd556bebc07134d6

C:\Users\Admin\AppData\Local\Temp\Sysqemwrmuz.exe

MD5 76764a23a641ba4a8a2a48d2b74dd80f
SHA1 2e4de0bcc759f253cece07e8f7ad8bc524e3ba59
SHA256 f799655e870c11531ed913f98ef086af98edfb431e7ca72f4e88d9da8d935ef7
SHA512 ff254188596213676006040135e81baaaf7b7c672e45e93b777b59c465bdca2d770ce2e2eb792d5b5780323cc2422300f1b199c54d2e2181235578b77582afdc

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 0fc0f40edf6268cae0b1e3f6fb2dcac7
SHA1 f4b32cd4d604ac38f862d8064c0bf07ab1883284
SHA256 baecd0af2af3ff8d8997a1802543b39b58c9fb4a0841efe56f283747ec33e174
SHA512 c00d209223db930dadcaa195e8196cb116e356659c5d42bf68203ee3f4c63fd13c2e4d11533bf9ebf320b8015da504363b6fc0f8a4ef268919bb12b0c3837aaa

C:\Users\Admin\AppData\Local\Temp\Sysqemclyxb.exe

MD5 8237e8b1f6eba3bdc2f8dbd7f09cd3e9
SHA1 f8c74f3518b891fa9d959cde117e6e01bbf311fd
SHA256 58721066ffb31e73d2bd706c3822b46237eb306bd83ad254b91324afbb506dd4
SHA512 359c8c910d4e0a59ccecbc134937fc39c0bd69039a54f99e6ac3b4a46e2cbcdec74d73778d3448127b858fde693c25a0132a0dad3820ca01073d1ce32d55b1fc

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 28fde079a34ef4ff6d5054a424811973
SHA1 b701f6a7dda97b32f0585718a02ae35376f52d55
SHA256 ef618d91f869f6908631ee505ce805a3e09da3984dfd59ae1614233a8cf8c3bd
SHA512 afb04ea307dd0088ed1e2b2e28fff612ea6fd1397cfcd54d03bbd0887ea65b39a208c60da68749e3af6fb28f859582ac02aaed9bfc397d60a4fda6b5177c190f

C:\Users\Admin\AppData\Local\Temp\Sysqemhjdfp.exe

MD5 da87515548a2a836ef80615175b6e7bb
SHA1 54e59f0caa5d07d66f0fd55b7c5dc1a63db1b98f
SHA256 4af3032792b904aa16fdb1b6d9fcce2e1e507b539a56c00092d91ccfcdac8552
SHA512 14599974258bcc6295094b8b75498736e65381f20d628676d444e3542983e7a84123be0784df333e4bd47f5c364fa3d581985bb68d0b9e7730cca8b5470cc084

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 b8da7408b33036d90aa4c7cf537acdc6
SHA1 bc4022fd4b114c5d97ee495299fe9e489e6c3650
SHA256 19ac56bbb27428bbc0c66410096a0ae81bff3fa391baa550d25ea57363517285
SHA512 f6923551d3dcbbd4d9da4bc819872e5206362f295c586f27961c3289f2b0e96ea0af281683bd93c06ea66b9c8a0cb91ebbd2441518fa6360a118153e6414040d

C:\Users\Admin\AppData\Local\Temp\Sysqemredpx.exe

MD5 0f9eebf7b689b99cfc38dcb43a41bf8e
SHA1 2f8706dc9786120374607ec78c836cb9e4d16e46
SHA256 5259ec26e97ae0f394183845b4e9a235de5cb1c9ab049512bccda81610c04c3f
SHA512 429ebd2c02d62693cdd18071565a5950f1a6980edd8dee78660dba2e323aab499b34275607ba1f0328dd7e9ee15fc82018daf9801f7720a75a218c4e6bf60273

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 7a2f401277f469b6e2f57fa5242f8ef2
SHA1 621cfd8645e1386e835066d4c6799a5ace39e40f
SHA256 0a2cc07bbe1d967b485562b5dac85774c872117693b5f73a13afb5cd34f9855d
SHA512 58466296d01b22beb70ccdb55f7f0028de9552897cf590495ca16420efa47dfb9493e1a0afa907398f7d860675bd48d3aecc9e7a4015e46330416baf25da25a2

C:\Users\Admin\AppData\Local\Temp\Sysqemwrpxq.exe

MD5 8b64ff4182a71d70421f133f165f0bf3
SHA1 fa005164095f598390b52f1c7fa62a34cd3f9c4c
SHA256 7e832b31475450aa684c3e949086a6831d65f5caeec827d42e4de48b0a1c170f
SHA512 9e7bdf2e90204a99342b6d0e6a2370564e232dd3edaa8504514892f7dfa51ba705fff317a73564699499489c6f9fda5c28acf6d53ca223b02ea1e4731101d503

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 d0060781458e9526af3f24dcf5103670
SHA1 beb77316460a7a6c75e08522a6601e1232cf0126
SHA256 86045d42cace6e75ca5dc26d9db266455787b67fa09a2c667d5d0474ff58847a
SHA512 6e775eb6e7daa079f69eaf51721ac14de7908687530c80be5c012e2b4d55e4b8b70fd7f8ef71aba2da15e91250553bab8eafa542b606653af4157906a3e2df3f

C:\Users\Admin\AppData\Local\Temp\Sysqembafsg.exe

MD5 4ca92d3bd14e75714e52009a055468de
SHA1 967a4d5064880600d63c403cbc990ec08d2c7bca
SHA256 bbf5e75c3cb448a278c3cfd3ab0e4b733a4e631dd2ad40e689b21305bbba09d7
SHA512 5583a32de32b58d868f0b330cd48476353a0f6a6d9fe8dfd6316e2f966ee3af31f64c812a3e9a6ce0e3e8e4ebbd13eee2b95f3fe8ec2ed3bdf992a0ba89db646

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 925299cecd36f94d93cb46129e237c30
SHA1 d5d6bab3653c951e8cd892d565f3a5054f268844
SHA256 d3585e618ed06e21c68e110ba651eb9ffe28424473ec3abf91048fb49587c58b
SHA512 db26c2269816357140971022cf83ea6b43ece5fc8794e5fd27ed5b2976c98ab93f670f077afa4f125047c6a8469593e7c9d371a02904cf14dbf9bf98f264889f

C:\Users\Admin\AppData\Local\Temp\Sysqemjtesv.exe

MD5 27ddc75827e7135397537d42820ce95d
SHA1 8e34c7b14cafcaaf35323aac788ac01cca9c4376
SHA256 506665081759464a0a942cffcbeba83e603ca62f10dbc3951593c24650c76cdc
SHA512 a5d24b226412de86e8e12101a24cc7a9c9a5b141f677d5a6b55011c7df36e6e464c00a4d0c17b04dd98a00db68dbea0fdadc6cd265e71dfec04dc12b91e583ab

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 c434d0348a903d7bed2775b4643e1c59
SHA1 8c588e042b36c91f5c7d9528be3f12bb73d2b361
SHA256 65709a611c1a5e455f0f926aa72f592d31f247336d41dae117f44db773a2d38b
SHA512 f8ea3ed0c566c1eb964af4644aae62502b54e2cb40787e0377abc78b84df887ece46745a0dd18e4751f68363734f27bbb2f56e51b75df9ae03b8fbd5dd3b3ff8

C:\Users\Admin\AppData\Local\Temp\Sysqemrisoz.exe

MD5 4664a9a0245bb31f3f1c0dba4d64db41
SHA1 5f4a43831d570f96a72ab59994dbd3bc80aa0a79
SHA256 012d4892c9945601ec553e060c38fcf03ab16d9f317d887f61a79d7020736507
SHA512 16029fcbb2ffd756b24f133bdfdd90670a01093de08c4e90ac8509c579e276665f73a000b9735d406b22553027a49c255e013b7e4ef88432ebe3a0b407e23e32

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 02a28296e6e9fb209bcc1dbd07e325b1
SHA1 99e9056d18ebce5e3d39078790aebcc0b5fd1210
SHA256 b339d508fad44f4a45aa7378790e88056272565743d73f4ea29537f02bea8eb5
SHA512 5e4b6aa43f1ef7cb627cbebc531dd5d44b3785454510ee440d10026f3a6ed87d4c78cec88fe10027fae8a3530de569e7bd0d86c5d424821143d494f37e99054c

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\Sysqemeatiw.exe

MD5 ffbc99374de57f039f29bcb453c4b245
SHA1 d39af2eb99b39b12d330040f9526199fff85cdcb
SHA256 596955f87f67fff5d4030f05a8a66a4963193c4005994acfc8d4039fd184ddb9
SHA512 886fb8be755fb8a1b64d20be13b5d5e526c71a28762a786ccf8cb536794aa849642ecd57db15c050021fe8d7d3d96d6a8bf77716e8110f37cd3dc5d6aa022f35

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 0263c85be7edcfb4e5b8ee03c0589741
SHA1 a07cc53905e0a7c83e6a32ef7986d1b1f76bf83a
SHA256 bd3a898765976cd8f85d6f478bea0f322f210e1610bfcf3f31e6c25a059bf2cc
SHA512 023e2d0694fee41be11055e0aad46b85abc4dff08f3dc77a2098e670de71afe09051f879d4e47c70988e55d7545e1d3dccbd9a0fe48415edc8e0f1166b88a965

C:\Users\Admin\AppData\Local\Temp\Sysqemgrlgo.exe

MD5 160d58b555537c7fda7dbf31d658c35f
SHA1 1f526f1a7ac5a8ee2cbd9ac227efc4d10ff0f252
SHA256 455c4395fad63c1016ada0ffd0c7ca9730d684122328659427ee25ead1e72993
SHA512 d5287fd159ed1bf0b58d53ba5c4361c4095c267819cde0ec083bfd37752e799f9b09e68230380ec79fe3635b41fdd94d6b0e0bbb043d5c32c703d06241f5be00

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 b1289dda5b461cd625b8d4dcba580461
SHA1 98c46198c9a1899b76c99850bac76fb14f536e16
SHA256 a517fa41e64159bd71dbc76b109cb7451872d319d94d2b4f8a2c1c8c8c6cfb95
SHA512 1cd858b9936898b972a78d6ab73766d5dc0d5f3825364d7e85c9e9190202c7f720eb4313063be4e51422861f8cacafa09fbc9afbb0dfd98caf66af8f79796910

C:\Users\Admin\AppData\Local\Temp\Sysqemlttbw.exe

MD5 c3df7cfda3ce40e47129850ba1f97a3d
SHA1 2654abd8f0d82f50936d9e07b46ab93a40c89752
SHA256 d9e4760be0732500bf0fbe5e27cf8eeb6dcdeca591d61508a8b952d56c8e32fe
SHA512 afc90189ebe087c16e6d06568b9f084d1ff037ad80607ad844ae71a997ab0fea04646565227fa640162d703caa07b76318142995d6bc4d1990cdc2c23e2f16f7

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 b0b6bc034407a7d8c3da1325be30b69f
SHA1 3a5f9823aef747c84a2ea30625187156c0c392a0
SHA256 0225747ef93b7ec6fd51a1fbaaa28f841578bc7ddf7ba3acd73df070ee97fa48
SHA512 6e58cff8f342c0f882ef96778d6cd6b53f1d03474885e28ce6c77b32d1185776601f5ecd1ea0bed1266766ca21584c8e645b749b9c837df7ad80c3a46a6a9645

C:\Users\Admin\AppData\Local\Temp\Sysqemoziem.exe

MD5 cdb66c0ecb0320b6d8711723b6ddfea6
SHA1 df481cd82baea845d40c21da2223d28881883ac8
SHA256 fa462a2ab1d347dd41b877c1478bba59143320688677961c4bd6185830c57dcf
SHA512 8385a216ad5f0cbd571aa6c4bce36c087b913b8cbd8b7c489ddaf06af6eb937a5d70384a8e6a93b1a99bf860f12cfcfce6a2cf22a62210b1abc7ada3d925aec8

C:\Users\Admin\AppData\Local\Temp\qpath.ini

MD5 9b458a2831a5f133fc4079b81acd65de
SHA1 bd00d81c5bef44b4dcd50c5d17688c602eb1892a
SHA256 92346b53705cf360bd7e000a08f4826f1a36645f6640a04ddb9304ced687ff80
SHA512 5033a36b38fb330f41580316dad7563dc09e01ebf6b679c8f6140be14fd0485d4191611d58529b848810354b1aeb1aa793b0d6fd62d91f96eab039f8c52b8bf4